Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Microsoft AZ-700 - Designing and Implementing Microsoft Azure Networking Solutions

Microsoft AZ-700 Premium Access     Download Demo    
Page: 1 / 6
Total 312 questions

You have the Azure subscriptions shown in the following table.

Each virtual network contains 20 internet-accessible resources that are assigned public IP addresses.

You need to implement Azure DDoS Network Protection to protect the resources. The solution must minimize costs.

What is the minimum number of DDoS Network Protection plans you should deploy?

A.

1

B.

2

C.

3

D.

6

You have an Azure subscription. The subscription contains multiple Azure SQL Database resources and a virtual network named VNet1 that has five subnets. All the subnets are associated with a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic, unless specifically allowed by a rule.

Each subnet contains 50 virtual machines. Multiple virtual machines host instances of SQL Server on Virtual Machines and will be configured to replicate with the Azure SQL Database resources.

You need to configure a new outbound rule in NSG1 to allow the SQL Server on Virtual Machines instances to connect to the Azure SQL Database resources. The solution must meet the following requirements:

• Minimize modifications to NSG1 when additional instances of SQL Server on Virtual Machines are deployed.

• Ensure that only SQL Server on Virtual Machines instances can connect to the Azure SQL Database resources.

How should you configure each setting for the new outbound rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to deploy an Azure virtual network.

You need to design the subnets.

Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

VPN gateway

B.

Azure Bastion

C.

Azure Active Directory Domain Services (Azure AD DS)

D.

Azure Application Gateway v2

E.

Azure Private Link

You have an Azure subscription.

You plan 10 implement an Azure application gateway named AGW1.

You need to implement an external TLS certificate store for AGW1. The solution must meet the following requirements:

• Keys must be stored by using the highest possible security.

• Administrative effort must be minimized.

Which type of certificate store should you use, and which type of identity should you use to access the store? To answer, select the appropriate options in the answer area.

NOTE: Each correct answer is worth one point.

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy an Azure Virtual Network NAT gateway named Gateway 1. The solution must meet the following requirements:

• VM1 will access the internet by using its public IP address.

• VM2 will access the internet by using its public IP address.

• Administrative effort must be minimized.

You need to ensure that you can deploy Gateway1 to Vnet1.

What is the minimal number of subnets that Vnet1 must have?

A.

2

B.

3

C.

4

D.

5

You have an Azure subscription.

You plan to deploy Azure Firewall Premium, enable all the Premium features, and configure both network and application rules.

Which type of rule will the firewall process first?

A.

infrastructure

B.

network

C.

threat intelligence

D.

application

You have an Azure subscription that contains the virtual machines shown in the following table.

Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:

    Priority: 100

    Port: Any

    Protocol: Any

    Source: Any

    Destination: Storage

    Action: Deny

You create a private endpoint that has the following settings:

    Name: Private1

    Resource type: Microsoft.Storage/storageAccounts

    Resource: storage1

    Target sub-resource: blob

    Virtual network: Vnet1

    Subnet: Subnet1

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York.

The company only has Azure resources in the East US region.

You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.

Which type of ExpressRoute circuits should you create?

A.

ExpressRoute Local

B.

ExpressRoute Direct

C.

ExpressRoute Premium

D.

ExpressRoute Standard

You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.

You install App1 on 10 Azure virtual machines.

You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.

What should you include in the solution?

A.

Azure Standard Load Balancer that has Floating IP enabled

B.

Azure Application Gateway V2 that has multiple listeners

C.

Azure Application Gateway v2 that has multiple site hosting enabled

D.

Azure Standard Load Balancer that has high availability (HA) ports enabled

You have an Azure subscription that contains the public IP addresses shown in the following table.

You plan to deploy a NAT gateway named NAT1.

Which public IP addresses can be used as the public IP address for NAT1?

A.

IP3 and IP5 only

B.

IP5 only

C.

IP1, IP3, and IP5 only

D.

IP3 only

E.

IP2 and IP4 only